Hacker News

hollerith, 11/10/2024, 0 replies

>Redhat is the most serious game in town for SELinux

SELinux on Red Hat only confines web servers, DNS servers and such. All software started by an interactive user, including web browsers, runs in the "unconfined" domain (term?), which means SELinux is not even trying to contain that software.

ChromeOS OTOH does use SELinux to sandbox the browser (and IIUC Android uses it to sandbox every app).

>Comparing Mac to RHEL, there’s only one place where Mac is ahead

That's not my understanding: Mac is far from perfect, but it is more secure overall than RHEL and Fedora IMO. It's not just that the Mac verifies the integrity of /usr and such whereas Linux distros do not.
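
One way to check the confined/unconfined split described in the comment on a given host is to classify processes by the type field of their SELinux context. This is an added example, not part of the comment: the sample lines are constructed in the `ps -eZ` column layout, `vendor-agent` is a hypothetical process name, and treating `unconfined_t` and `unconfined_service_t` as the unconfined domains is an assumption about the targeted policy.

```shell
# Constructed sample in the column layout of `ps -eZ` (LABEL PID TTY TIME CMD).
# "vendor-agent" is a hypothetical third-party daemon with no policy module.
sample_ps_output() {
cat <<'EOF'
LABEL                                                  PID TTY          TIME CMD
system_u:system_r:init_t:s0                              1 ?        00:00:02 systemd
system_u:system_r:httpd_t:s0                           812 ?        00:00:01 httpd
system_u:system_r:named_t:s0                           840 ?        00:00:00 named
system_u:system_r:unconfined_service_t:s0              901 ?        00:00:00 vendor-agent
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2345 pts/0    00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2410 ?        00:01:12 firefox
EOF
}

# Print "PID CMD DOMAIN" for every process whose SELinux type is an
# unconfined domain. Reads `ps -eZ` output on stdin and skips the header.
list_unconfined() {
    awk 'NR > 1 {
        split($1, ctx, ":")          # context is user:role:type:level[:categories]
        if (ctx[3] ~ /^unconfined(_service)?_t$/)
            print $2, $NF, ctx[3]
    }'
}

# Print "confined=N unconfined=M" for the same input.
count_domains() {
    awk 'NR > 1 {
        split($1, ctx, ":")
        if (ctx[3] ~ /^unconfined(_service)?_t$/) u++; else c++
    }
    END { printf "confined=%d unconfined=%d\n", c, u }'
}

sample_ps_output | list_unconfined
sample_ps_output | count_domains
# On a live SELinux host: ps -eZ | list_unconfined
```

In the constructed sample the web and DNS daemons land in their own domains, while the interactive shell and the browser started from it both show up as `unconfined_t`.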